Comment 1 for bug 1648143

John Johansen (jjohansen) wrote :

using
  lxc launch images:ubuntu/yakkety torcontainer
to create the container

then installing tor into the container and starting it, I can replicate the error. However, this is due to the container not having apparmor installed. The container is not booting with apparmor or loading the tor profile.

Once apparmor is installed the container reports a different error.

[103975.623545] audit: type=1400 audit(1481284511.494:2807): apparmor="DENIED" operation="change_onexec" info="no new privs" error=-1 namespace="root//lxd-tor_<var-lib-lxd>" profile="unconfined" name="system_tor" pid=18593 comm="(tor)" target="system_tor"

Which upon investigation is an error in the change_profile check around seccomp no_new_privs when policy is stacked.
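The denial quoted in the comment above is in the standard AppArmor audit-line format. As an added example (not part of this bug report or of the AppArmor project's own tooling), the following parser pulls the `key="value"` fields out of such lines and flags `change_onexec` denials with `info="no new privs"` raised inside a nested policy namespace (a `namespace` containing `//`, as in the LXD case above), so an administrator can pick them out of `dmesg` or the audit log on an affected host. The first sample line is the one from the comment; the second is a constructed, unrelated ALLOWED line that shows the parser is general.

```python
import re

# Constructed samples: line 0 is the audit message quoted in the comment,
# line 1 is a made-up, harmless line in the same format for contrast.
SAMPLE_LINES = [
    '[103975.623545] audit: type=1400 audit(1481284511.494:2807): apparmor="DENIED" '
    'operation="change_onexec" info="no new privs" error=-1 '
    'namespace="root//lxd-tor_<var-lib-lxd>" profile="unconfined" name="system_tor" '
    'pid=18593 comm="(tor)" target="system_tor"',
    '[103980.000000] audit: type=1400 audit(1481284516.000:2810): apparmor="ALLOWED" '
    'operation="open" profile="system_tor" name="/etc/tor/torrc" pid=18600 comm="tor" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# audit(<epoch seconds>:<serial>) prefix emitted by the kernel audit subsystem.
AUDIT_TS_RE = re.compile(r'audit\((\d+\.\d+):(\d+)\)')


def parse_apparmor_audit(line):
    """Return a dict of fields from an AppArmor audit line, or None if it is not one.

    Quoted values are unquoted; the audit timestamp and serial are stored under
    the private keys '_epoch' (float) and '_serial' (int).
    """
    if 'apparmor=' not in line:
        return None
    fields = {}
    for key, raw in FIELD_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        fields[key] = raw
    ts = AUDIT_TS_RE.search(line)
    if ts:
        fields['_epoch'] = float(ts.group(1))
        fields['_serial'] = int(ts.group(2))
    return fields


def is_nnp_stacking_denial(fields):
    """True for a change_onexec denial caused by no_new_privs inside a nested namespace."""
    return (
        fields is not None
        and fields.get('apparmor') == 'DENIED'
        and fields.get('operation') == 'change_onexec'
        and fields.get('info') == 'no new privs'
        and '//' in fields.get('namespace', '')
    )


def find_nnp_stacking_denials(lines):
    """Return the parsed fields of every matching denial in an iterable of log lines."""
    hits = []
    for line in lines:
        fields = parse_apparmor_audit(line)
        if is_nnp_stacking_denial(fields):
            hits.append(fields)
    return hits


if __name__ == '__main__':
    for hit in find_nnp_stacking_denials(SAMPLE_LINES):
        print('%s pid=%s comm=%s -> %s (ns %s)' % (
            hit['_epoch'], hit['pid'], hit['comm'], hit['target'], hit['namespace']))
```

In practice the input would be the output of `dmesg` or `/var/log/audit/audit.log` (or `journalctl -k`) from the host; the `namespace` field is what distinguishes a denial raised for a container's stacked policy from one raised for the host's own profiles.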